Passive electrical component for safety system shutdown using Gauss' Law

ABSTRACT

An electro-technical device includes a first housing portion electrically isolated from a second housing portion with a point source being disposed within the first housing portion. A movable conductor is connected to the first portion and is responsive to an electric field generated by the point source to cause the movable conductor to contact the second housing portion to complete a circuit and send out a control signal.

BACKGROUND

Field

The present disclosure relates to a safety system shutdown including a passive electrical component that senses a system parameter and becomes tripped if a predetermined set point is reached so that a signal is sent to take an action in the system. The passive electrical component makes use of Gauss' Law.

Description of Related Art

This section provides background information related to the present disclosure which is not necessarily prior art.

Modern nuclear reactors use a variety of digital systems for both control and safety, referred to as a Distributed Control and Information System (DCIS). These systems must be redundant, diverse, fault tolerant, and have extensive self-diagnosis while the system is in operation. Meanwhile, the nuclear digital industry is concerned with common cause software failure. Even more damaging is a cyberattack to, or through, the system safety systems. In the digital industry, the desire to increase computational power while decreasing component size results in a very small digital device with embedded software. It is very difficult to convince a regulatory body that these systems cannot have a common cause failure. Even more damaging operations can occur when this compact digital system is subjected to a cyberattack. These extreme unknown conditions of a nuclear power plant safety system lead to the cause for redundancy, independence, and determinacy, all of which contribute to significant added cost.

FIG. 6 schematically shows a conventional distributed control and information system (DCIS) 200 with both a safety portion 202 and non-safety portion 204 that are interfaced by a control panel 203. The present disclosure is directed to the safety portion 202 of the DCIS 200 which is shown in FIG. 7. The safety portion 202 of the DCIS 200 includes four independently designed divisions 202A-202D which each receive measured system signals that are collected and sent from a remote multiplexer unit RMU 205 which provides output to the digital trip module DTM 206 which each provide outputs to the trip logic units TLU 208 which each provide an output signal to the output logic unit OLU 210. The conventional safety portions 202 use a voting logic of at least 2 out of 4 of the different divisions 202A-202D receiving like signals in order to determine a fault (i.e. pressures and temperatures are not compared against each other). It becomes more difficult for the nuclear power plant control system designer, purchaser, installer, and operator to establish and trace the essential safety signals to ensure the system is performing as designed. A device and method are needed on a scale that humans can vary “signal flow” or “trace the flow of electrons/data” so that the system is immune from cyber-attack.

SUMMARY

This section provides a general summary of the disclosure, and is not a comprehensive disclosure of its full scope or all of its features.

The present disclosure provides electro-technical devices that, coupled to control systems, can provide passive system safety shutdown or other emergency operation using Gauss' Law. These devices will solve the issue of common cause software failure or cyber security attacks that are inherent limitations of digital safety systems. The Gauss Law contactor provides an electro-technical device that can be set up to protect a nuclear power plant, or another sensitive infrastructure. The Gauss Law contactor of the present disclosure can be produced using metallic and plastic 3-D printing machines that can be utilized to ensure consistent manufacture of the device for which the manufacturing data can be captured and stored for utilization in confirming the device's consistent operational characteristics. The Gauss Law contactor uses a simple pass/fail or go/no-go check to convey to an electrical safety system to change state to safe shutdown. The printed device is placed into the safety system to perform 3 basic tasks: sense a system parameter (e.g. temperature, flow, pressure, power or rate of change), if the predetermined set point is reached, result in a “tripped” state, and lastly, if the safety system logic is met, send a signal to take an action in the system, such as shutdown. In the event of normal power supply loss, the Gauss Law contactor can either fail as is or fail in a safe state, depending on user requirements. The system prevents any loss of the safety function of the digital device due to power outage. The device also eliminates failures due to software or digital cyberattacks.

An electro-technical device according to the principles of the present disclosure includes a point source supplied with an input signal. A first housing portion is electrically isolated from a second housing portion with the point source being disposed within the first housing portion. A movable conductor is connected to the first portion and is responsive to an electric field generated by the point source to cause the movable conductor to contact the second housing portion to complete a circuit and send out a control signal.

According to a further aspect of the present disclosure, an electro-technical device is provided for detecting a fault state in a nuclear system. The electro-technical device includes a first housing portion electrically isolated from a second housing portion and a plurality of point sources being spaced from one another and disposed within the first housing portion, each of the point sources being supplied with an input signal. A movable conductor is connected to the first housing portion and is responsive to an electric field generated by the plurality of point sources to contact the second portion to complete a circuit for sending out a control signal when at least two of the point sources receive an input signal indicative of a fault state.

According to a further aspect of the present disclosure, a method of making an electro-technical device includes digitally printing a first housing portion with a movable conductor connected to the first housing portion and a point source within the first housing portion and spaced from the movable conductor. Connecting the point source with an input signal. Digitally printing a second housing portion opposite to and electrically isolated from the first housing portion, wherein the movable conductor is responsive to an electric field generated by the point source to contact the second housing portion to complete a circuit and send out a control signal.

Further areas of applicability will become apparent from the description provided herein. The description and specific examples in this summary are intended for purposes of illustration only and are not intended to limit the scope of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings described herein are for illustrative purposes only of selected embodiments and not all possible implementations, and are not intended to limit the scope of the present disclosure.

FIG. 1 is a schematic illustration of a Gauss law contactor according to the principles of the present disclosure shown in an open state;

FIG. 2 is a schematic illustration of the Gauss law contactor shown in FIG. 1 shown in a closed state;

FIG. 3 is a schematic illustration of a Gauss law contactor having four independent signals entering the Gauss logic contactor shown in an open state;

FIG. 4 is a schematic illustration of the Gauss law contactor shown in FIG. 3 with one input shown in an activated state;

FIG. 5 is a schematic illustration of the Gauss law contactor shown in FIG. 3 with multiple inputs shown in an activated state for closing the contactor;

FIG. 6 is a schematic view of a conventional digital system of a distributed control and information system for a nuclear reactor; and

FIG. 7 is a schematic view of a safety portion of the conventional digital system of a distributed control and information system as shown in FIG. 6.

Corresponding reference numerals indicate corresponding parts throughout the several views of the drawings.

DETAILED DESCRIPTION

Example embodiments will now be described more fully with reference to the accompanying drawings.

Example embodiments are provided so that this disclosure will be thorough, and will fully convey the scope to those who are skilled in the art. Numerous specific details are set forth such as examples of specific components, devices, and methods, to provide a thorough understanding of embodiments of the present disclosure. It will be apparent to those skilled in the art that specific details need not be employed, that example embodiments may be embodied in many different forms and that neither should be construed to limit the scope of the disclosure. In some example embodiments, well-known processes, well-known device structures, and well-known technologies are not described in detail.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting. As used herein, the singular forms “a,” “an,” and “the” may be intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms “comprises,” “comprising,” “including,” and “having,” are inclusive and therefore specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. The method steps, processes, and operations described herein are not to be construed as necessarily requiring their performance in the particular order discussed or illustrated, unless specifically identified as an order of performance. It is also to be understood that additional or alternative steps may be employed.

With reference to FIGS. 1 and 2, a Gauss Law contactor 10 according to the principles of the present disclosure will now be described. As shown in FIG. 1, the Gauss law contactor 10 includes a lower housing portion 12 and an upper housing portion 14 that are electrically separated from one another by an insulated joint 16. A point source 18 is connected to an input signal 20 and is disposed in the lower housing portion 12. A movable conductor 22 is connected to the lower housing portion 12 and is spaced from the point source 18. The electrical separation between the lower housing portion 12 and the upper housing portion 14 results in an open control circuit 24 for the Gauss Law contactor 10.

As shown in FIG. 2, the point source 18 is supplied with an increased input signal 20′ indicative of an increased sensor voltage representing a safety condition. The safety condition can include an increase in temperature, pressure, fluid flow or other monitored condition. The increased input signal 20′ results in an increased charge point source 18′ which creates more divergence in the electrical field. The increased divergence of the electrical field around point source 18′ causes the movable conductor 22 to move away from the charged point source 18′ and into contact with the upper housing portion 14 of the Gauss Law contactor 10, resulting in the closing of the contactor 24′. The closed contactor 24′ results in a safety control signal or action 26 to be taken. As an alternative, the reverse circuit can be set up to open (rather than close) the contactor 24 to de-energize a system for a protective feature.

With reference to FIGS. 3-5, a Gauss Law contactor 30 is illustrated in a nuclear safety system 31 to provide a logic device without software. As shown in FIG. 3, the Gauss law contactor 30 includes a lower housing portion 32 and an upper housing portion 34 that are electrically separated from one another by an insulated joint 36. Four independent point sources 38a-38d are connected to separate input signals 40a-40d from sensors 41a-41d from the nuclear safety system 31 and are disposed in the lower housing portion 32. A movable conductor 42 is connected to the lower housing portion 32 and is spaced from the point sources 38a-38d. The electrical separation between the lower housing portion 32 and the upper housing portion 34 results in an open control circuit 44 for the Gauss Law contactor 30.

As shown in FIG. 4, one of the point sources 38a′ is supplied with an increased input signal 40a′ from the sensor 41a′ of the nuclear safety system 31 indicative of a safety condition. The safety condition can include an increase in temperature, pressure, fluid flow or other monitored condition as detected by a sensor 41a-41d of the nuclear safety system 31. The increased input signal 40a′ results in an increased charge point source 38a′ which creates more divergence in the electrical field. The increased divergence of the electrical field around point source 38a′ causes the movable conductor 42 to move away from the charged point source 38a′, which, however, is insufficient to cause the movable conductor 42 to contact the upper housing portion 34 of the Gauss contactor 30, so that the control circuit 44 remains open.

As shown in FIG. 5, multiple ones of the point sources 38a′, 38b′ are supplied with an increased input signal 40a′, 40b′ each indicative of a safety condition. The increased input signals 40a′, 40b′ result in an increased charge point source 38a′ and 38b′ which creates more divergence in the electrical field. The increased divergence of the electrical field around point sources 38a′ and 38b′ causes the movable conductor 42 to move away from the charged point sources 38a′ and 38b′ and into contact with the upper portion 34 of the Gauss Law contactor 30, resulting in the closing of the control circuit 44′ to provide a safety control signal 46 to be sent so that a shutdown action or other security operation can be performed. As an alternative, the reverse circuit can be set up to open (rather than close) the contactor 24 to deenergize a system for a protective feature. The Gauss Law contactor 30 can replace the digital trip module DTM 206, trip logic unit TLU 208, and the output logic unit OLU 210 previously described in prior art FIGS. 6 and 7.

The Gauss Law contactor 10/30 can be manufactured by digital printing some or all of the components to ensure consistent operation and response. By way of example, the upper and lower housings 12, 14/32, 34, the point sources 18/38a-38d and the movable conductor 22/42 can all be made by digital printing from the same or different materials. The movable conductor 22/42 can be formed as a thin metal film and can include folds, undulations or a bellows shape to allow for uninhibited movement in response to an increased electrical field emanating from the point sources 18/38a-38d.

Digital printing results in highly accurate and consistent production of component parts and can have a digital record for the accurate manufacture of each component. The digital record can be utilized to certify the accurate production of the Gauss Law contactor 10/30.

The present disclosure envisions the use of the Gauss Law contactor provided in this application according to the following operating modes. During steady-state operation of the Gauss Law contactor 10/30, a baseline voltage can be supplied to the contactor. If the voltage to the device 10 or two out of four voltages for the device 30 exceeds the device baseline, the circuit 24/44 is closed and a safety system response 26/46 is actuated. For some devices the response is a once-in-a-lifetime component actuation (the fuse), whereas some of the embodiments described can be physically reset by the operator.
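The trip logic of these operating modes, as an added behavioural sketch in Python that is not part of the disclosure: it models only which inputs exceed the baseline, not the electric-field physics. The class and function names, the 1.0 V baseline, the sample voltages, and the assumption that a closed contact stays closed until reset are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class GaussContactorModel:
    """Trip logic only; the electric-field physics is not modelled."""
    baseline_v: float          # steady-state baseline voltage (constructed value)
    inputs: int = 4            # point sources 38a-38d; use 1 for contactor 10
    required: int = 2          # inputs above baseline needed to close the circuit
    resettable: bool = True    # False models the one-shot "fuse" style device
    closed: bool = field(default=False, init=False)

    def step(self, voltages):
        """Apply one sample of input voltages; return True if the circuit is closed."""
        if len(voltages) != self.inputs:
            raise ValueError(f"expected {self.inputs} input voltages")
        elevated = sum(v > self.baseline_v for v in voltages)
        if elevated >= self.required:
            self.closed = True   # assumption: contact stays made until reset
        return self.closed

    def reset(self):
        """Operator reset; refused for the one-shot variant."""
        if not self.resettable:
            return False
        self.closed = False
        return True


def run_trace(model, trace):
    """Feed a sequence of samples through the model; return the circuit state per sample."""
    return [model.step(sample) for sample in trace]


# Constructed sensor trace (volts); the 1.0 V baseline is an assumed value.
TRACE = [
    (1.0, 1.0, 1.0, 1.0),  # steady state, circuit 44 open (FIG. 3)
    (1.6, 1.0, 1.0, 1.0),  # one input elevated, still open (FIG. 4)
    (1.6, 1.7, 1.0, 1.0),  # two inputs elevated, circuit closes (FIG. 5)
    (1.0, 1.0, 1.0, 1.0),  # inputs back at baseline, trip stays latched
]

if __name__ == "__main__":
    resettable = GaussContactorModel(baseline_v=1.0)
    print(run_trace(resettable, TRACE))
    print("reset accepted:", resettable.reset())

    fuse = GaussContactorModel(baseline_v=1.0, resettable=False)
    run_trace(fuse, TRACE)
    print("fuse reset accepted:", fuse.reset(), "closed:", fuse.closed)
```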

If there is a loss of primary power, uninterruptible power supplies are used to maintain a constant voltage level within the circuitry. The electricity from this secondary supply will also be fed to the safety measuring devices, and the loss results in the safe shutdown of the system. In the event of a loss of all power, then the system either fails as is or to a safety state, depending on how the device is placed into an architecture by the circuit designer.

The foregoing description of the embodiments has been provided for purposes of illustration and description. It is not intended to be exhaustive or to limit the disclosure. Individual elements or features of a particular embodiment are generally not limited to that particular embodiment, but, where applicable, are interchangeable and can be used in a selected embodiment, even if not specifically shown or described. The same may also be varied in many ways. Such variations are not to be regarded as a departure from the disclosure, and all such modifications are intended to be included within the scope of the disclosure.

The invention claimed is:
 1. An electro-technical device, comprising: a point source supplied with an input signal; a first portion electrically isolated from a second portion, the point source including an elongated element extending through and disposed within the first portion, the elongated element extending away from the first portion and toward the second portion; and a movable metallic film conductor fixedly connected to the first portion and being responsive to an electric field generated by the point source to move away from the point source and contact the second portion to complete a circuit and send out a control signal.
 2. The electro-technical device according to claim 1, wherein the input signal is representative of one of a signal from a temperature sensor, a pressure sensor or a flow sensor.
 3. A method of making an electro-technical device, comprising: forming a first housing portion; fixedly connecting a movable metallic film conductor to the first housing portion; inserting a point source including an elongated element extending through and into the first housing portion at a fixed location and spaced from the movable conductor, the elongated element extending away from the first portion, the point source being supplied with an input signal; providing a second housing portion opposite to and electrically isolated from the first housing portion, wherein the movable conductor is responsive to an electric field generated by the point source to move away from the point source and contact the second portion to complete a circuit and send out a control signal.
 4. The method according to claim 3, wherein the input signal is representative of one of a signal from a temperature sensor, a pressure sensor or a flow sensor.
 5. The method according to claim 3, wherein the first housing portion, the second housing portion and the movable conductor are made from metal by 3-D digital printing. 